North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Customer-facing ACLs

  • From: Christopher Morrow
  • Date: Mon Mar 10 22:37:05 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=fr/dUXJmO2Mz86JWVfTNIHz3xXl8sz1KiCFMSpKeplM=; b=mwV4aTX2w5wPho1B97xxRP9gtVUJC+D8J24+bLBVvuqWpOrQ13bGS8KtVAVcEDy07X0PIqNQ9KnFwke4mpnCa8pC1MbZrx0nLn0ZjaTW3TKKuYjGvtZ6gNGCzz6qTRZqfNCMzfQ/REkl4zoUb1ztXUjvySKdGUpDg4Ws+QqJ0Yk=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=K1PtbApQOFjx9X7s3kEDyZPzyE3K4VBeUDYMCR8XDQeRJCgMQWDQAS4yYXWvwUuD3COvaTJxhvU046MB0YA6ChXkcXGoMdcZwa5/VCuxJJdjKTdoz6LwZeK5CGBfI8YTC5sGF5rl7etnWtRAWBuxtnJ2/l0pSGjoTcHltOf/KME=
On Mon, Mar 10, 2008 at 7:58 PM, Ang Kah Yik <[email protected]> wrote:
>
>  Hi Justin (and all others on-list)
>
>  I understand your grounds for blocking outbound SMTP for your customers
>  (especially those on dynamic IP connections).
>  It probably will do good to block infected customers that are spewing
>  spam all over the world.
>
>  However, considering the number of mobile workers out there who send
>  email via their laptops to corporate SMTP servers, won't blocking
>  outbound SMTP affect them?
>

vpns fix this...

>  Since these corporate types (I'm guessing here) are probably unaware of
>  how to change their email client's SMTP configurations, chances are that
>  blocking outbound SMTP will probably cause quite a lot of pain.
>

uunet dialup has blocked port25 in both directions since 2002...
little to no complaints. (well, they may have received complaints
since I left, but... thank John StClair for the work behind that
filtering actually.)

>  After all, there are also those who frequently move from place to place
>  so they're going to have to keep changing SMTP servers every time they
>  go to a new place that's on a different ISP.
>

many config's actually just use WCCP to transparently redirect your
smtp to an authorized SMTP server as Andy Dills points out.

-Chris